[00:05.460 --> 00:12.240]  Welcome to Space Security Challenge 2020, HackASAT, the final event. As the democratization
[00:12.240 --> 00:17.700]  of space opens up a new frontier for exploration and innovation, we see new cybersecurity
[00:17.700 --> 00:24.340]  vulnerabilities emerging. The Space Security Challenge is designed to inspire the world's
[00:24.340 --> 00:30.040]  top cybersecurity talent to develop the skills necessary to secure this last frontier of
[00:30.040 --> 00:37.560]  cybersecurity, space. And already we've made a ton of progress. I'll catch you up. This
[00:37.560 --> 00:42.380]  spring we hosted over 2,000 teams who worked their way through a set of foundational space
[00:42.380 --> 00:48.300]  cybersecurity challenges in our HackASAT qualification round. Now, eight finalist
[00:48.300 --> 00:54.060]  teams are stepping up to the ultimate challenge. They are hacking a satellite.
[01:00.640 --> 01:06.220]  Welcome to the first of two daily recaps for the Space Security Challenge 2020 or HackASAT.
[01:06.220 --> 01:12.900]  I'm still your host, Jordan Wines. As our eight teams have been vying for a share of a $100,000
[01:12.900 --> 01:18.060]  prize pool, we're going to check in and summarize the status of the day. Of course, they also
[01:18.060 --> 01:24.840]  received $15,000 just to get here as a finalist. The competition for that was fierce. Our finalists
[01:24.840 --> 01:30.940]  beat out over 2,000 other teams made up of over 6,000 other competitors. Of course, the biggest
[01:30.940 --> 01:35.900]  prize of all might not even be the money or even the friends we made along the way, but the bragging
[01:35.900 --> 01:40.020]  rights for your code to be selected to take an actual photograph of the moon from a satellite
[01:40.020 --> 01:45.760]  in space. While this event was originally planned to be in person during DEF CON in the aerospace
[01:45.760 --> 01:51.260]  village, the global pandemic has caused us to reimagine the event experience. The result is an
[01:51.260 --> 01:55.260]  immersive 3D environment where you can stay up to date with the competition while learning all
[01:55.260 --> 01:59.760]  about space security and the event itself. You can connect with other spectators and even play
[01:59.760 --> 02:04.600]  games and add to our graffiti wall. So if you aren't already watching this from our immersive
[02:04.600 --> 02:11.940]  3D environment, check it out at virtual.hackasat.com. As prior DEF CON attendees, some of you are very
[02:11.940 --> 02:17.280]  familiar with the many flavors of contests that test your hacking skills. But for others, we
[02:17.280 --> 02:22.340]  realize this is a whole new world. There are many types of hacking contests and Hackasat falls
[02:22.340 --> 02:31.350]  into the category of Capture the Flag or CTF. Remember the game you played as a kid with flags
[02:31.350 --> 02:37.090]  hidden in opponent's terrain? Now imagine the field or code and the flags are secret data.
[02:37.090 --> 02:41.630]  Players exploit security flaws to capture the flags while at the same time defending their
[02:41.630 --> 02:47.570]  networks from opposing teams. These Capture the Flag CTF events are as diverse as the teams that
[02:47.570 --> 02:53.430]  play them. This is a global competitive community with thousands of players and global rankings.
[02:53.430 --> 02:59.210]  It's been a part of the origin story for a great many prominent security experts. So what do these
[02:59.210 --> 03:04.310]  hacking games look like? CTFs can be either in-person or online and usually take place
[03:04.310 --> 03:09.190]  over a weekend or other short period. They often have a qualification round that determines who
[03:09.190 --> 03:14.070]  gets to participate in the finals. CTFs are sometimes themed around a specific domain
[03:14.070 --> 03:19.630]  like space for Hackasat, but more commonly they are not specialized and include a wide variety
[03:19.630 --> 03:25.890]  of different types of challenges. The most common types of CTFs include Jeopardy CTFs, sometimes
[03:25.890 --> 03:31.270]  called Red Team CTFs, are named for their use of the classic game board as a scoreboard. These are
[03:31.270 --> 03:35.730]  more offensive focused. Each team is given infrastructure to attack and the number of
[03:35.730 --> 03:41.010]  successful attacks, the difficulty, or the speed at which they succeed is factored into their score.
[03:41.010 --> 03:46.770]  Attack Defense, A-D, or Full Spectrum CTFs, which are closer to the original game you might have
[03:46.770 --> 03:52.210]  played as a kid. Each team has a server or set of servers to defend and must attack other teams
[03:52.210 --> 03:57.590]  while also protecting their own infrastructure. Key of the Hill style CTFs are Full Spectrum CTFs
[03:57.590 --> 04:02.650]  in which teams score points by gaining and maintaining control of individual systems.
[04:02.750 --> 04:08.070]  And finally, the less common Blue Team Exercises, which are primarily defensive events. Game
[04:08.070 --> 04:12.410]  organizers host an environment and often a professional team of attackers to test the
[04:12.410 --> 04:17.190]  participants defensive skills. These are more common in the high school and collegiate level.
[04:17.290 --> 04:21.850]  How do you win? Even though the goal of the CTFs are to find and exploit vulnerabilities
[04:21.850 --> 04:27.130]  in computer systems, fair play is essential. There are lots of ways to win, but to get the
[04:27.130 --> 04:31.930]  respect of your peers, you need to have good technical solutions. Nobody is impressed if you
[04:31.930 --> 04:36.050]  use a network flood to knock the scoreboard offline, and those kinds of shenanigans will
[04:36.050 --> 04:40.750]  get you shunned quickly. The best CTF players have built specialized tools,
[04:40.750 --> 04:45.280]  practice within their domains, and include domain experts in many aspects of security.
[04:46.290 --> 04:52.310]  Why CTF? At their core, CTF challenges are a way for hackers to build community and demonstrate
[04:52.310 --> 04:56.990]  and hone their skills with other equally skilled people. Competitions are also a chance to
[04:56.990 --> 05:01.330]  experience the joy of learning about a new programming language or a new piece of technology
[05:01.330 --> 05:05.890]  hackers haven't used before. Capture the Flag challenges have also been used to help train
[05:05.890 --> 05:11.010]  cybersecurity teams and to get new hackers interested in security research. Some companies
[05:11.010 --> 05:16.490]  even use competitions similar to CTFs to recruit and vet potential candidates for employment.
[05:16.490 --> 05:21.090]  And CTFs have had real-world impact, with competitors finding actual security flaws
[05:21.090 --> 05:25.870]  in contest infrastructure. Their solutions, while not counting towards winning the game,
[05:25.870 --> 05:31.810]  are often implemented in a real-world context. With HackASAT, we have a CTF game designed to
[05:31.810 --> 05:36.470]  raise awareness about cybersecurity issues in space and help researchers develop specific
[05:36.470 --> 05:41.550]  skills and domain knowledge they'll need to help secure this new frontier. But as many of the
[05:41.550 --> 05:45.970]  players during our Qualls round found out, there are a lot of problems unique to the environments
[05:45.970 --> 05:50.830]  outside our atmosphere. To learn more about hacking in space, check out our Space Talk videos
[05:50.830 --> 05:57.570]  that explain some of the most interesting space-specific challenges. For more on CTFs
[05:57.570 --> 06:01.470]  and other hacking and space-related topics, go to the research room in the virtual environment
[06:01.470 --> 06:07.830]  or check out the related YouTube playlist. Okay, let's go ahead and recap the whole day so far.
[06:13.880 --> 06:19.040]  The game has actually been underway for one hour now, and our team's first challenge has been to
[06:19.040 --> 06:24.000]  regain control of the ground station that they'll be using to communicate with their Flatsats.
[06:24.000 --> 06:29.780]  In fact, just before this broadcast went live, we received word that this challenge was actually
[06:29.780 --> 06:35.940]  solved by Team Samurai. Congratulations to them! Right after our last update ended with only a
[06:35.940 --> 06:40.480]  Samurai solve, several other teams came in with solutions for Challenge Zero.
[06:40.480 --> 06:47.220]  PFS and Solarwine were solvers 2 and 3 on that challenge. After those two teams scored on
[06:47.220 --> 06:50.760]  Challenge Zero, every other team was eventually able to solve Challenge Zero over the next several
[06:50.760 --> 06:56.460]  hours. Taking a look at the scoreboard so far, we've had an eventful last hour. Our teams continue
[06:56.460 --> 07:01.240]  to make progress, with four teams now having solved Challenge One. Unfortunately, the window
[07:01.240 --> 07:06.080]  of time after first solve has expired, and the remaining four teams were given a solution with
[07:06.080 --> 07:13.960]  no points. PFS and Colon Can Into Space were joined by 1553 and 1064 Seabred with solutions
[07:13.960 --> 07:20.120]  for Challenge One. Now, this was going to be where I signed off with this update, but as we were live,
[07:20.120 --> 07:25.080]  PFS actually jumped up on the scoreboard yet again, solving Challenge Two.
[07:30.870 --> 07:35.170]  You may have noticed that first blood overlay and sound effect in that summary. While it was
[07:35.170 --> 07:39.350]  originally used in Unreal Tournament to indicate a kill, the phrase and even sometimes the sound
[07:39.350 --> 07:44.270]  effects are often used in CTF competitions to indicate the first team to solve a particular
[07:44.270 --> 07:50.590]  challenge. The challenges that teams have solved so far include a
[07:50.590 --> 07:55.190]  which required exploiting an insecure web application to steal credentials for the
[07:55.190 --> 07:59.530]  ground station controller, and then using that Cosmos ground station, the teams had to restore
[07:59.530 --> 08:04.110]  communication with their flatsets as they were tumbling and not communicating well.
[08:04.270 --> 08:11.030]  The Challenge One involved connecting to the ground station, turning up the power,
[08:11.030 --> 08:15.070]  turning down the bandwidth, which is very much a real-world troubleshooting step.
[08:15.190 --> 08:19.590]  Next, the teams have to restore proper orientation control over their flatset,
[08:19.590 --> 08:23.310]  but only one team so far has managed to accomplish this feat.
[08:23.330 --> 08:27.110]  That brings us to what's happened in the last two hours of the competition.
[08:27.270 --> 08:31.670]  Most teams are now working on two or three challenges. The on-orbit challenge,
[08:31.670 --> 08:33.770]  Challenge Two, and Challenge Three.
[08:36.030 --> 08:41.030]  PFS has been pulling away to a healthy lead that is going to be hard to catch up to tomorrow.
[08:41.050 --> 08:46.590]  Hard, but definitely not impossible. All it takes is for them to get stuck in a problem and be passed
[08:46.590 --> 08:50.250]  in turn, much like they did to Samurai at the start of the game.
[08:51.190 --> 08:55.770]  It's also interesting to note that PFS, which is actually short for Pwn First Search,
[08:55.770 --> 09:00.050]  and Pulling Can Into Space, are number one and number two on the leaderboard,
[09:00.050 --> 09:05.490]  are two of the smallest teams in the competition. Having a large team is sometimes an advantage,
[09:05.490 --> 09:09.330]  but it definitely comes with logistical issues, and in this case, where the challenges are serial
[09:09.330 --> 09:15.970]  in nature, it isn't always helpful. Let's take a look again at the PFS team bio.
[09:44.920 --> 09:49.440]  If you were here with us live, you might remember that right in the middle of teams working on their
[09:49.440 --> 09:54.240]  challenges at around 12 p.m. Pacific, all teams had to stop what they were doing and shift focus
[09:54.240 --> 10:03.380]  to the on-orbit challenge. Stop everything and look up. Starting now, teams shift to the on-orbit
[10:03.380 --> 10:08.820]  challenge. Their primary goal is to capture a picture of the moon using this satellite.
[10:09.460 --> 10:13.840]  Competitors will have access to the two-line element of the vehicle and the camera's
[10:13.840 --> 10:19.020]  foresight vector. Each team is tasked with creating a mission plan that transitions a
[10:19.020 --> 10:24.060]  satellite from a tumbling state to one where it points the camera at the moon.
[10:24.060 --> 10:29.680]  The team will reach a successful status once their resulting mission plan meets key criteria.
[10:29.680 --> 10:34.580]  One, the commands are generated in the correct order and are within the specified period.
[10:34.580 --> 10:41.840]  Two, the image capture angle of the moon is within specifications. Three, the team's negative
[10:41.840 --> 10:47.100]  z-axis is pointed as close to the earth's center as possible without affecting the camera to moon
[10:47.100 --> 10:52.420]  pointing error. The teams are given a command dictionary with the format for submitting the
[10:52.420 --> 11:02.780]  commands and parameters. The rest is up to them. Of course, while PFS is currently in the lead,
[11:02.780 --> 11:07.680]  they still have a critical problem to solve. Specifically, the on-orbit challenge. While
[11:07.680 --> 11:11.680]  Pullin' Cannon to Space is only nipping at their heels at number two on the scoreboard,
[11:11.680 --> 11:16.380]  they are critically not only the first team with an attempted solution to their on-orbit challenge,
[11:16.380 --> 11:21.540]  but the first with an accepted solution. That would mean that they would be able to pass PFS
[11:21.540 --> 11:27.120]  if PFS is not able to actually solve because, again, that is a pass-fail challenge and it will
[11:27.120 --> 11:30.840]  be critical to see what happens in the last few minutes of gameplay today as well as tomorrow
[11:30.840 --> 11:35.920]  in the on-orbit challenge. Now that the day is wrapping up, hopefully some of the organizers
[11:35.920 --> 11:40.740]  have a little bit more time, so we're going to see if we can bring into video chat Vito Genovese,
[11:40.740 --> 11:44.840]  who many of you may recognize from his time as a member of LegitBS, the team that organized
[11:44.840 --> 11:49.640]  the DEF CON CTF for five years prior to the current organizers, The Order of the Overflow.
[11:49.760 --> 11:53.620]  Vito is also currently with Chromulence, the creators of the flatsats and many of the challenges
[11:53.620 --> 12:00.140]  in HackASAP. Vito, can you hear me? Are you there? Yes, loud and clear. Good evening. Excellent.
[12:00.140 --> 12:03.460]  Glad we got you. Thanks for stopping by. I know you guys have been very, very busy
[12:03.460 --> 12:08.300]  kind of manning the systems and talking to the teams. How's the game going so far?
[12:09.000 --> 12:14.040]  It's been going. We've kind of had some, you know, rough times today. The flatsats are,
[12:14.040 --> 12:19.280]  you know, small run hardware, which always has issues, but we're super, super thankful the teams
[12:19.280 --> 12:22.740]  are being patient with us and they're putting up a good fight and making really, really good
[12:22.740 --> 12:28.220]  progress in the game. Is this pacing what you expected? Sorry, is this pacing what you expected
[12:28.220 --> 12:31.660]  speaking of like how they're kind of doing? Is this about where you thought they would be or you
[12:31.660 --> 12:36.840]  wanted them to be or how does this fit with your expectations? It's really hard to set expectations
[12:36.840 --> 12:41.000]  for these games. A lot of it is, you know, throwing stuff around. We can't even be in the
[12:41.000 --> 12:48.040]  same room doodling on a whiteboard while we do it. So, you know, the expectations are not necessarily
[12:48.040 --> 12:53.900]  what's been happening, but we'll survive. It's a difficult game and, you know, we'll see what
[12:53.900 --> 12:58.860]  happens tomorrow. And I mean, it does seem like that if they're made good progress up to here,
[12:58.860 --> 13:02.300]  they could have been a lot further behind. It would be nice to see them maybe a challenge ahead,
[13:02.300 --> 13:06.280]  but this is certainly within reach, right? Like there's nothing kind of too crazy about what they
[13:06.280 --> 13:10.300]  have remaining. This could be doable and we know these are good teams that are capable of more,
[13:10.300 --> 13:16.400]  it seems like, right? Right, yeah, absolutely. The, you know, challenges zero, challenges one,
[13:16.400 --> 13:20.720]  they're hard challenges and the teams that took time on them, they still took time on them. They
[13:20.720 --> 13:25.260]  did make progress and they did get through eventually. It's, you know, admirable work
[13:25.260 --> 13:29.880]  and it's, you know, it's a difficult time for everybody involved. Now, do you miss actually
[13:29.880 --> 13:33.640]  being in Vegas and going to DEF CON or you actually kind of prefer being remote? What's
[13:33.640 --> 13:39.820]  your take on that? Oh, I absolutely miss it. You know, my favorite restaurant in Vegas,
[13:39.820 --> 13:43.960]  I miss, or my favorite restaurants, plural in Vegas, I miss that. I miss seeing my friends.
[13:43.960 --> 13:48.460]  I miss wearing my, you know, special DEF CON shoes, which are behind me on the shelf there,
[13:48.460 --> 13:54.660]  not in frame yet, but, you know, it's better than getting really, really sick, I guess.
[13:55.320 --> 13:59.940]  Given the alternative, yeah, we're all kind of doing what we can and should there. In fact,
[13:59.940 --> 14:04.280]  even you were originally supposed to be on stream with me and we just thought for safety reasons
[14:04.280 --> 14:10.180]  that we would do this via Zoom and we'd be able to work it out that way. So thanks for doing that.
[14:10.180 --> 14:14.420]  Tell me a little bit more about the rationale behind the scoring algorithm and the game design,
[14:14.420 --> 14:20.740]  this decay and the kind of the grace window. What design constraints went into that decision?
[14:21.500 --> 14:25.840]  Okay, so the main design constraint with this is it's a very linear catch-the-flag game.
[14:26.800 --> 14:32.400]  So what has to happen is we're trying to get teams to take over this or regain control of this,
[14:32.400 --> 14:38.080]  you know, tumbling satellite lost in space. And that is a complicated operation. And instead of
[14:38.080 --> 14:42.400]  just having, you know, one single, you know, you get this chunk of points if you win the game,
[14:42.400 --> 14:46.540]  we split it up into different little gates that teams have to pass through. So, you know,
[14:46.540 --> 14:51.520]  challenge zero or the first gate is getting control of a machine in the ground station.
[14:51.680 --> 14:56.060]  Challenge one after that is being able to actually talk and receive messages with the satellite.
[14:56.200 --> 15:00.960]  So we had to split this up in order to keep, you know, make the game actually have points before
[15:00.960 --> 15:05.740]  you get to the end. And at the same time, in order to make the points actually meaningful,
[15:05.740 --> 15:09.620]  we wanted to make sure there was some time pressure for teams to go quickly and make
[15:09.620 --> 15:14.440]  progress throughout the whole weekend. So we have this kind of decay system implemented.
[15:14.640 --> 15:19.120]  So each challenge is worth a fixed number of points at the beginning. And as soon as the team
[15:19.120 --> 15:24.620]  solves it the first time, the clock starts ticking. So within that first 30 minutes,
[15:24.620 --> 15:28.000]  anybody else who solves that challenge is also going to get the full points.
[15:28.000 --> 15:31.580]  For challenge zero, that would be 50 points. For challenge two or for challenge one,
[15:31.580 --> 15:37.460]  that was 200 points. Beyond that, after that first 30 minutes, we have another two-hour interval
[15:37.460 --> 15:43.780]  where that point amount starts gradually ticking down towards zero. Once it's hit zero, we don't
[15:43.780 --> 15:47.840]  award points for it. And at that point, it also means that we share hints to, you know, nudge
[15:47.840 --> 15:52.400]  teams along to get them to the next phase of the competition. And that's one of the advantages,
[15:52.400 --> 15:56.360]  I think, is that, you know, a team, if they happen to get stuck on one particular problem
[15:56.360 --> 16:00.940]  in a serial event in particular, there's just not much you can do in fairness to the other teams
[16:00.940 --> 16:04.120]  in terms of, you know, kind of you don't want to give a team a hint just because they're behind
[16:04.540 --> 16:08.240]  because that actually hurts them. But by having the score drop off at a point which they have to
[16:08.240 --> 16:11.900]  be done or else they're just given a hint, well, then they've lost all the points for it. And so,
[16:11.900 --> 16:16.560]  it keeps them up with the game while not punishing the teams that do well. So, that makes a lot of
[16:16.560 --> 16:21.180]  sense. If you had a favorite challenge, what's the number? And if it's one we haven't seen yet,
[16:21.180 --> 16:26.000]  like, no spoilers, of course, but what do you like best? So, it's honestly, for me,
[16:26.000 --> 16:30.400]  it's probably challenge one, which is kind of where the game starts to diverge from a normal
[16:30.400 --> 16:34.540]  Capture the Flag contest. With Challenge Zero, we had a web app that teams had to,
[16:34.540 --> 16:37.760]  I think, determine a cookie secret in. And that's very...
[16:41.060 --> 16:46.560]  Challenge one is where we start to diverge. That's where we have to, once we've gotten into
[16:46.560 --> 16:51.920]  the ground station and are able to talk to the, you know, satellite control system, Cosmos,
[16:51.920 --> 16:55.880]  that's where teams have to figure out how to turn telemetry on on the satellite
[16:55.880 --> 16:59.820]  because it's not, you know, just another machine on the network with an IP address.
[16:59.820 --> 17:05.460]  And where teams have to figure out how to tell the satellite's radio to configure itself in a way
[17:05.460 --> 17:09.560]  that it's actually functional for the rest of the game, for sending messages back and forth.
[17:09.560 --> 17:14.180]  I saw a great quote go over the team communication channel from the organizers that said,
[17:15.720 --> 17:20.020]  these are not like traditional network devices. And if you think sending, you know, two requests
[17:20.200 --> 17:24.740]  a second, you know, will get you more reliability the way you would in a normal network, that may
[17:24.740 --> 17:28.500]  be counterproductive here, which I thought was a great kind of nod towards the, yeah,
[17:28.500 --> 17:31.840]  there's some different constraints and different concerns that maybe, you know,
[17:31.840 --> 17:37.200]  are not the folks first instincts are accurate on, given the environment. So that makes a lot of
[17:37.200 --> 17:43.300]  sense. Yeah, absolutely. It's a satellite is in some senses, it is, you know, still a computer.
[17:43.520 --> 17:47.720]  But the problem is, is it's a computer that costs millions and millions of dollars to,
[17:47.720 --> 17:50.380]  you know, install. And it costs, you know, billions of...
[17:52.220 --> 17:57.560]  No, I think we might have lost you a little bit there for some network. Oh,
[17:57.560 --> 18:01.600]  it costs, you know, millions to, you know, put it in place in the first place. And it costs
[18:01.600 --> 18:06.700]  billions to send somebody up there to push a button to restart it. Beyond that, it's, you know,
[18:06.880 --> 18:12.260]  a computer that you only talk to an RF. And it's moving in a way that whenever you can see it,
[18:12.260 --> 18:16.020]  you can probably talk to it. But there's a lot of time from any given ground station where you
[18:16.020 --> 18:22.860]  can't see it at all. And that's a very unique challenge. Vito, thank you very much for both
[18:22.860 --> 18:26.500]  your work on the game and for taking some time to talk to us tonight. Look forward to seeing how
[18:26.500 --> 18:33.160]  teams do tomorrow and look forward to talking to some more as we see their progress. Excellent.
[18:33.160 --> 18:39.820]  Thanks. Take care. Take care. That's it for this first day of the Space Security Challenge 2020
[18:39.820 --> 18:44.720]  or HackASet final event. Overnight, we'll be taking our FlatSats offline so they can get a
[18:44.720 --> 18:49.760]  good rest, aka have their batteries charged, and so the competition organizers can recharge their
[18:49.760 --> 18:55.000]  batteries, aka have a good night's rest. Of course, in addition to sleep, the teams will need to
[18:55.000 --> 18:58.620]  continue working on some of the components in between game shutdown and game start tomorrow
[18:58.620 --> 19:04.040]  morning at 7 a.m. Pacific and 10 a.m. Eastern. They've actually been given a firmware image that
[19:04.040 --> 19:09.380]  will help them for the upcoming Challenge 3. Thanks for spending your day with us. Make sure
[19:09.380 --> 19:13.960]  to check out the rest of what's happening at DEF CON, the Aerospace Village, and our Aerospace
[19:13.960 --> 19:18.900]  Workshops. And I look forward to seeing you all tomorrow morning at 9 a.m. Pacific, 12 p.m. Eastern
[19:18.900 --> 19:20.460]  for our next game update.
